Facebook has tentatively concluded that a hack last month that resulted in data of up to 30 million users being stolen was likely pulled off by spammers and not a nation-state, according to the Wall Street Journal. The Journal is citing sources familiar with Facebook’s investigation. The group behind the attack are believed to be a collection of Facebook and Instagram spammers that present themselves as a digital marketing company.

It was originally believed that up to 50 million users had some of their details stolen before Facebook revised that number down to 30 million. Of the users who did have their data accessed, Facebook says 14 million of them had sensitive details like their names, contact info, recent location check-ins, and more accessed. Another 15 million users only had their name and contact info accessed, while the final 1 million users just had their access tokens stolen–digital passes that let a user log in to their account without needing to type in a password. As a precaution, Facebook has reset the access tokens of all affected users.